Skip to content
Open

Yes #419

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
772 commits
Select commit Hold shift + click to select a range
af0b395
feat: add durable webhook subscription store
believetimothy Jun 27, 2026
c20b6c5
Merge branch 'main' into feature/webhook-store
believetimothy Jun 27, 2026
0d1c714
Merge branch 'main' into task/activity-cursor
d3vobed Jun 27, 2026
06fc286
feat(webhooks): add admin redeliver endpoint (#594)
d3vobed Jun 27, 2026
ebbce04
Merge remote-tracking branch 'upstream/main' into feature/request-fin…
GEEKYFOCUS Jun 27, 2026
1ec5993
fix: sync package-lock.json for npm ci after upstream merge
GEEKYFOCUS Jun 27, 2026
89d839d
fix: repair merge corruption in stream route handlers
GEEKYFOCUS Jun 27, 2026
aad1c49
feat: add GrantFox smart contract deployment pipeline
Adesam007-pr3dator Jun 27, 2026
fbbd042
feat: add gas-on-recipient toggle with clear cost surfaced
AnnieIj Jun 27, 2026
ea15fab
feat: add contract-tests fixtures for openapi conformance
Bizify1370 Jun 27, 2026
9fa126d
Merge pull request #653 from Kenlachy/task/copy-address
greatest0fallt1me Jun 27, 2026
d7425e8
Merge pull request #654 from shogun444/task/wallet-compat
greatest0fallt1me Jun 27, 2026
8c0de11
Merge pull request #655 from d3vobed/task/activity-cursor
greatest0fallt1me Jun 27, 2026
38fcc23
Merge pull request #656 from onyemaechiezekiel9/task/lifecycle-events
greatest0fallt1me Jun 27, 2026
c11579d
Merge pull request #718 from d3vobed/task/step-indicator
greatest0fallt1me Jun 27, 2026
9c66405
Merge pull request #719 from believetimothy/feature/webhook-store
greatest0fallt1me Jun 27, 2026
f6d5749
Merge pull request #720 from gidadoabdullateef5/feature/request-finge…
greatest0fallt1me Jun 27, 2026
1e45e6c
Merge pull request #721 from d3vobed/feature/webhook-redeliver
greatest0fallt1me Jun 27, 2026
2cc3eb6
Merge PR #722: feat: add GrantFox smart contract deployment pipeline …
greatest0fallt1me Jun 27, 2026
1cdfe6b
Merge pull request #723 from AnnieIj/feature/gas-on-recipient
greatest0fallt1me Jun 27, 2026
19ac921
Merge PR #724: feat: add contract-tests fixtures for OpenAPI conforma…
greatest0fallt1me Jun 27, 2026
82ea4bf
feat: add natspec-style /// docs to every public entrypoint
Awointa Jun 27, 2026
e5f250a
feat: add toast queue with role=status
GEEKYFOCUS Jun 27, 2026
b974074
Merge branch 'main' into task/natspec-docs
Awointa Jun 27, 2026
48bc7f2
Merge pull request #725 from gidadoabdullateef5/task/toast-queue
greatest0fallt1me Jun 27, 2026
bd6f616
Merge pull request #726 from Awointa/task/natspec-docs
greatest0fallt1me Jun 27, 2026
4a393b3
feat: update SplashScreen to use Next.js Image component and add webh…
Awointa Jun 27, 2026
f3be141
feat: add Clippy linting workflow and configuration for Rust contracts
Awointa Jun 27, 2026
9412a2d
refactor: remove pause functionality from Stream contract
Awointa Jun 27, 2026
1657a12
feat: add request-size caps per route
Jun 27, 2026
391f85d
feat: add overflow-safe vested-amount math
ifeco9 Jun 27, 2026
f106ced
task: typed Soroban error enum
frankrichard99 Jun 28, 2026
8a08800
feat: add mock implementations for Next.js navigation and router
Awointa Jun 28, 2026
973b0f2
refactor: streamline admin_action function and improve test assertion…
Awointa Jun 28, 2026
b92e8db
test: update test environment to node and add jest-dom dependency
Awointa Jun 28, 2026
ef74243
feat: add light/dark/system theme toggle in settings
amankoli09 Jun 28, 2026
9d48b7d
Merge PR #727: feat: add clippy pedantic + CI lint gate (#612) (adm…
greatest0fallt1me Jun 28, 2026
9598b88
Merge pull request #728 from shepherd-001/task/body-size
greatest0fallt1me Jun 28, 2026
a0798d2
Merge PR #729: feat: add overflow-safe vested-amount math (admin; con…
greatest0fallt1me Jun 28, 2026
e00fd5d
Merge pull request #730 from frankrichard99/task/onchain-error-enum
greatest0fallt1me Jun 28, 2026
63c0b57
Merge pull request #731 from amankoli09/task/theme-three-way
greatest0fallt1me Jun 28, 2026
e76f0f2
feat: add 'preview create' dry-run endpoint
fwseyi Jun 28, 2026
bf95a24
feat: implement correct sender/recipient refund split on stream cance…
Awointa Jun 28, 2026
93caa62
#535 Add address book with labels and ENS-equivalent lookup
Jeyvers Jun 28, 2026
99bf09f
feat: add JWKS endpoint and JWT signing key rotation
Ajibose Jun 28, 2026
914dc9f
feat: add 'pause all by sender' admin endpoint
omosvico Jun 28, 2026
f8873a6
feat: polish empty/loading/error states across /streams /activity /re…
Ajibose Jun 28, 2026
4c2eb23
feat: add ip-based rate limit on /api/auth/wallet/login
omosvico Jun 28, 2026
db82bab
feat: add reconciliation cli for ad-hoc invocation
omosvico Jun 28, 2026
6bbbf67
feat: add fuzz target for create_stream
BigMick03 Jun 28, 2026
ec4f5b1
fix: update event topic for admin action and adjust test assertions
Awointa Jun 28, 2026
fde4f3e
feat: add request-size caps per route
Jun 28, 2026
a1f0609
Merge branch 'main' into feature/cancel-stream
Awointa Jun 28, 2026
3df3987
Merge branch 'main' of https://github.com/shepherd-001/StreamPay-Fron…
Jun 28, 2026
317bbbc
feat: add fee-bump support for Soroban withdrawal transactions
Jun 28, 2026
f830196
feat: enhance event structure and publish methods for stream lifecycl…
Awointa Jun 28, 2026
a317b84
feat: add cancel_stream entrypoint with correct sender/recipient refu…
Awointa Jun 28, 2026
4a7dece
chore: upgrade to React 19 and update lock file
Jun 28, 2026
d3247e7
fix: resolve TypeScript error in error mapper
Jun 28, 2026
aa196f4
feat: add ttl bumping on every read path
Fury03 Jun 28, 2026
a929e34
feat: add init_with_token_allowlist initializer
BigMick03 Jun 28, 2026
8d28785
close #596
onyillto Jun 28, 2026
48ee6aa
feat: add coverage gate ≥ 95%
quickweb-stack Jun 28, 2026
30118ee
feat: claim_drip read-only view
yunus-dev-codecrafter Jun 28, 2026
0547594
feat: add benchmark harness with criterion
quickweb-stack Jun 28, 2026
c6943af
feat: add recently used recipient rail in create-stream
Fury03 Jun 28, 2026
e741146
feat: add cli smoke tests via stellar contract invoke
quickweb-stack Jun 28, 2026
8fa8b3a
Fix getStream returning stale data after switching networks
BigMick03 Jun 28, 2026
5f6ddc0
feat: canary release routing in middleware
yunus-dev-codecrafter Jun 28, 2026
8c495fc
feat: add paginated stream enumeration view
Joeloo1 Jun 28, 2026
a8b2949
test: add invalid resume state coverage
khanavi272-spec Jun 28, 2026
1bee42d
feat: per-recipient receipt customisation (#714)
Jagadeeshftw Jun 28, 2026
1b9b0f8
feat: anonymous read-only receipt share (#713)
Jagadeeshftw Jun 28, 2026
d9a9c5c
docs: contract storage layout (#712)
Jagadeeshftw Jun 28, 2026
7ffad69
feat: expose remaining per-sender stream capacity (#711)
Jagadeeshftw Jun 28, 2026
bf9fd64
feat: emit structured paused/resumed lifecycle events (#710)
Jagadeeshftw Jun 28, 2026
4357865
feat: expand ContractError taxonomy with SelfStream and AlreadyInitia…
Jagadeeshftw Jun 28, 2026
65ed122
test: cancel_stream refund split boundaries (#708)
Jagadeeshftw Jun 28, 2026
eb78efd
ci: gas budget regression gate (#707)
Jagadeeshftw Jun 28, 2026
8c97fb4
test: per-category notification channel toggles (#673)
Jagadeeshftw Jun 28, 2026
a3e5201
feat: accessible mobile bottom nav with badges (#672)
Jagadeeshftw Jun 28, 2026
178d93a
feat: inline help on stream rate field (#671)
Jagadeeshftw Jun 28, 2026
e4da6ab
feat: add screen-reader severity labels to toast icons (#670)
Jagadeeshftw Jun 28, 2026
cc2e97e
feat: cancel stream confirmation with refund preview (#669)
Jagadeeshftw Jun 28, 2026
7642b01
feat: enforce per-org daily quota on stream creation
morelucks Jun 28, 2026
b96b8b1
Merge branch 'main' into feat/streams-daily-quota
morelucks Jun 28, 2026
c456111
#533 Add contract events panel on stream detail
Chigybillionz Jun 28, 2026
5fa499a
feat: wallet balance display with polling indicator (#664)
Jagadeeshftw Jun 29, 2026
fdaddf2
feat: switch-network affordance for wallet network mismatch (#665)
Jagadeeshftw Jun 29, 2026
34dbc2d
feat: stream receipt social share card with privacy mask (#666)
Jagadeeshftw Jun 29, 2026
e9126e5
feat: 'pause all by recipient' batch action modal (#667)
Jagadeeshftw Jun 29, 2026
6710a9b
feat: sticky summary header on stream detail (#668)
Jagadeeshftw Jun 29, 2026
ad97fb9
feat: add anomaly detection on stream rate changes
Jun 29, 2026
1b56a1b
feat: token-gated Prometheus metrics route
1nonlypiece Jun 29, 2026
af78f08
feat: idempotency key cleanup job
1nonlypiece Jun 29, 2026
9401316
feat: chaos injection middleware (dev/staging only)
1nonlypiece Jun 29, 2026
6130653
test: SQL injection regression suite
1nonlypiece Jun 29, 2026
91b6c6a
fix: unblock tests by removing duplicate logger export and syncing @e…
Jun 29, 2026
5a51c34
feat: dashboard quick deposit
1nonlypiece Jun 29, 2026
fb70915
feat: color-blind safe statuses
1nonlypiece Jun 29, 2026
0c25610
fix: reduced-motion progress
1nonlypiece Jun 29, 2026
8f550ce
fix: standardize modal close affordance
1nonlypiece Jun 29, 2026
36e95f5
Merge branch 'main' into feature/rate-anomaly
opeolarewaju5-glitch Jun 29, 2026
9d936ac
feat: stream row burn-down mini-chart
1nonlypiece Jun 29, 2026
db37e7f
feat: CreateStream preview step polish
1nonlypiece Jun 29, 2026
a4bb306
feat: add trustline pre-check before stream creation
1nonlypiece Jun 29, 2026
6aaec45
feat: amend_stream rate-change validation with overflow-safe math
1nonlypiece Jun 29, 2026
0915970
test: pause/resume accrual-freeze coverage
1nonlypiece Jun 29, 2026
45d8007
feat: add fault-injection middleware for chaos tests
Jun 29, 2026
5d135a3
feat: two-step upgrade with 48h timelock
1nonlypiece Jun 29, 2026
4b08d38
feat: per-org token allowlist
1nonlypiece Jun 29, 2026
e4174a8
Merge branch 'main' into task/chaos-middleware
opeolarewaju5-glitch Jun 29, 2026
76ce1b9
updated
Luchistack Jun 29, 2026
fcf2491
feat: Add /api/admin/quotas endpoints (#691)
Baskarayelu Jun 29, 2026
0517e9d
feat: Add /api/streams/[id]/webhooks/test endpoint (#692)
Baskarayelu Jun 29, 2026
3d61b07
feat: Add request-id propagation policy enforcement (#693)
Baskarayelu Jun 29, 2026
079a2da
feat: Add OpenAPI examples for stream lifecycle endpoints (#694)
Baskarayelu Jun 29, 2026
61bd248
feat: Add /api/webhooks/health endpoint with subscription stats (#695)
Baskarayelu Jun 29, 2026
c65f8f1
feat: Add /api/audit/export streaming endpoint (#696)
Baskarayelu Jun 29, 2026
76e72de
feat: Add /api/admin/circuit-breaker control endpoint (#697)
Baskarayelu Jun 29, 2026
53bb1ba
feat: add high-contrast theme variant (#565)
kimanicode Jun 29, 2026
2744ea6
feat: Add /api/admin/jobs status endpoint (#698)
Baskarayelu Jun 29, 2026
fda3ab9
fix(contracts): resolve duplicate type definitions breaking streampay…
Jun 29, 2026
f3abdd3
feat: add /api/internal/reconciliation/diff/:streamId
Awointa Jun 29, 2026
828128a
feat: add @testing-library/dom dependency and specify Node.js engine …
Awointa Jun 29, 2026
5e67b6a
chore: update dependencies and remove unused packages from package-lo…
Awointa Jun 29, 2026
2981745
feat: activity timeline read-model projection
GdAyo19 Jun 29, 2026
bb9581e
cors allowlist
kimanicode Jun 29, 2026
bdd5ca0
feat: add json-shape stability test for /api/streams
temi-Dee Jun 29, 2026
8b9e9ba
feat: add accessible Settings tabs with WCAG 2.1 AA compliance
ochojilalucyochanya-byte Jun 29, 2026
0a93de6
feat: add versioned stream storage migration system
ochojilalucyochanya-byte Jun 29, 2026
901d753
feat: admin audit events for set_paused, set_admin, set_token_allowed
shogun444 Jun 29, 2026
a16e630
feat: polish No streams yet empty state with first-time guidance step…
Baskarayelu Jun 29, 2026
da2459d
feat: add accessible Sort dropdown component for /streams (#676)
Baskarayelu Jun 29, 2026
42b05da
feat: polish skeleton placeholders to match final card shapes (#675)
Baskarayelu Jun 29, 2026
13c5440
feat: add useDraft hook for accessible Save draft on CreateStream (#674)
Baskarayelu Jun 29, 2026
cede46f
feat: add per-stream notes textarea with auto-save to localStorage (#…
Baskarayelu Jun 29, 2026
2f9e0a9
feat: add CSV export of stream history (#678)
Baskarayelu Jun 29, 2026
394704f
feat: add accessible Reset filters button for /streams (#680)
Baskarayelu Jun 29, 2026
6fa31a9
feat: add tag chips with click-to-filter on /streams (#681)
Baskarayelu Jun 29, 2026
2af662b
feat: add Welcome tour overlay for first-time users (#682)
Baskarayelu Jun 29, 2026
3873f18
fix: resolve failing CI check
Joeloo1 Jun 29, 2026
686afec
feat: add json-shape stability test for /api/streams (#597)
temi-Dee Jun 29, 2026
ce2e255
fix: resolve all three failing CI jobs
Joeloo1 Jun 29, 2026
437ab5f
Merge PR #732
greatest0fallt1me Jun 29, 2026
9ddd408
Merge PR #735
greatest0fallt1me Jun 29, 2026
9856c63
Merge PR #736
greatest0fallt1me Jun 29, 2026
8918c5b
Merge PR #737
greatest0fallt1me Jun 29, 2026
2748032
Merge PR #738
greatest0fallt1me Jun 29, 2026
04ae3be
Merge PR #739
greatest0fallt1me Jun 29, 2026
f781190
Merge PR #740
greatest0fallt1me Jun 29, 2026
497041e
Merge PR #741
greatest0fallt1me Jun 29, 2026
e6b0440
Merge PR #742
greatest0fallt1me Jun 29, 2026
3740499
Merge PR #743
greatest0fallt1me Jun 29, 2026
49e8421
Merge PR #744
greatest0fallt1me Jun 29, 2026
af70b61
Merge PR #745
greatest0fallt1me Jun 29, 2026
902f251
Merge PR #746
greatest0fallt1me Jun 29, 2026
28ec82b
Merge PR #747
greatest0fallt1me Jun 29, 2026
6bd8aed
Merge PR #748
greatest0fallt1me Jun 29, 2026
6d22c14
Merge PR #749
greatest0fallt1me Jun 29, 2026
6fca83f
Merge PR #750
greatest0fallt1me Jun 29, 2026
b0884ee
Merge PR #751
greatest0fallt1me Jun 29, 2026
ef72506
Merge PR #752
greatest0fallt1me Jun 29, 2026
3b160bb
Merge PR #753
greatest0fallt1me Jun 29, 2026
c5fce88
Merge PR #754
greatest0fallt1me Jun 29, 2026
ed0ff4f
Merge PR #755
greatest0fallt1me Jun 29, 2026
ad872e0
Merge PR #756
greatest0fallt1me Jun 29, 2026
ab575ed
Merge PR #757
greatest0fallt1me Jun 29, 2026
85c0841
Merge PR #758
greatest0fallt1me Jun 29, 2026
8689f4f
Merge PR #759
greatest0fallt1me Jun 29, 2026
f620642
Merge PR #760
greatest0fallt1me Jun 29, 2026
fa71c2a
Merge PR #761
greatest0fallt1me Jun 29, 2026
e48544f
Merge PR #762
greatest0fallt1me Jun 29, 2026
4b0d3ab
Merge PR #763
greatest0fallt1me Jun 29, 2026
084dec1
Merge PR #764
greatest0fallt1me Jun 29, 2026
8fb5f2e
Merge PR #765
greatest0fallt1me Jun 29, 2026
11c4c33
Merge PR #766
greatest0fallt1me Jun 29, 2026
5b44beb
Merge PR #767
greatest0fallt1me Jun 29, 2026
b37ab06
Merge PR #768
greatest0fallt1me Jun 29, 2026
cdcfc5f
Merge PR #769
greatest0fallt1me Jun 29, 2026
651e89f
Merge PR #770
greatest0fallt1me Jun 29, 2026
1b09e61
Merge PR #771
greatest0fallt1me Jun 29, 2026
bd291e8
Merge PR #772
greatest0fallt1me Jun 29, 2026
a9b0aa0
Merge PR #773
greatest0fallt1me Jun 29, 2026
9751121
Merge PR #774
greatest0fallt1me Jun 29, 2026
3f29637
Merge PR #775
greatest0fallt1me Jun 29, 2026
2c4d17a
Merge PR #776
greatest0fallt1me Jun 29, 2026
ac08689
Merge PR #777
greatest0fallt1me Jun 29, 2026
90d82b1
Merge PR #778
greatest0fallt1me Jun 29, 2026
f2fff90
Merge PR #779
greatest0fallt1me Jun 29, 2026
00b5866
Merge PR #780
greatest0fallt1me Jun 29, 2026
3d7da30
Merge PR #781
greatest0fallt1me Jun 29, 2026
3189e4d
Merge PR #782
greatest0fallt1me Jun 29, 2026
93c0715
Merge PR #783
greatest0fallt1me Jun 29, 2026
2c8769b
Merge PR #784
greatest0fallt1me Jun 29, 2026
7537d5f
Merge PR #785
greatest0fallt1me Jun 29, 2026
4d989c2
Merge PR #786
greatest0fallt1me Jun 29, 2026
55f4fb3
Merge PR #787
greatest0fallt1me Jun 29, 2026
d2c73e4
Merge PR #788
greatest0fallt1me Jun 29, 2026
edf23db
Merge PR #789
greatest0fallt1me Jun 29, 2026
cd83263
Merge PR #790
greatest0fallt1me Jun 29, 2026
0e42287
Merge PR #791
greatest0fallt1me Jun 29, 2026
d9d2126
Merge PR #792
greatest0fallt1me Jun 29, 2026
52748d5
Merge PR #793
greatest0fallt1me Jun 29, 2026
278f2e5
Merge PR #794
greatest0fallt1me Jun 29, 2026
d70117f
Merge PR #795
greatest0fallt1me Jun 29, 2026
6716c3d
Merge PR #796
greatest0fallt1me Jun 29, 2026
1db3bb6
Merge PR #797
greatest0fallt1me Jun 29, 2026
2c02bdf
Merge PR #798
greatest0fallt1me Jun 29, 2026
075b251
Merge PR #799
greatest0fallt1me Jun 29, 2026
d41681c
Merge PR #800
greatest0fallt1me Jun 29, 2026
f6b1ccc
Merge PR #801
greatest0fallt1me Jun 29, 2026
93af6be
Merge PR #802
greatest0fallt1me Jun 29, 2026
45460cb
Merge PR #803
greatest0fallt1me Jun 29, 2026
9629f13
Merge PR #804
greatest0fallt1me Jun 29, 2026
2b0bf44
Merge PR #805
greatest0fallt1me Jun 29, 2026
de8e06c
Merge PR #806
greatest0fallt1me Jun 29, 2026
ad99105
Merge PR #807
greatest0fallt1me Jun 29, 2026
9b2828b
Merge PR #808
greatest0fallt1me Jun 29, 2026
f473c8f
Merge PR #809
greatest0fallt1me Jun 29, 2026
a639ffe
Merge PR #810
greatest0fallt1me Jun 29, 2026
31906f7
Merge PR #811
greatest0fallt1me Jun 29, 2026
2b26f4b
Merge PR #812
greatest0fallt1me Jun 29, 2026
1fb71de
Merge PR #813
greatest0fallt1me Jun 29, 2026
001b8ec
Merge PR #814
greatest0fallt1me Jun 29, 2026
6572008
Merge PR #815
greatest0fallt1me Jun 29, 2026
6d86a14
Merge PR #816
greatest0fallt1me Jun 29, 2026
8134bb8
Merge PR #817
greatest0fallt1me Jun 29, 2026
4a43ca6
Merge PR #818
greatest0fallt1me Jun 29, 2026
8f24dc0
Merge PR #819
greatest0fallt1me Jun 29, 2026
425570c
Merge PR #820
greatest0fallt1me Jun 29, 2026
4af7dc3
chore: preserve CI workflows (token lacks workflow scope)
greatest0fallt1me Jun 29, 2026
e72bfbd
feat: add POST /api/streams/import endpoint for bulk CSV import (#683)
mikewheeleer Jun 29, 2026
6848c64
feat: add GET/POST /api/streams/template endpoints (#684)
mikewheeleer Jun 29, 2026
fc77df4
feat: add GET/PUT /api/notifications/preferences endpoint (#685)
mikewheeleer Jun 29, 2026
0b825f0
feat: add GET /api/streams/search with full-text and field filters (#…
mikewheeleer Jun 29, 2026
c363feb
feat: add GET /api/admin/streams/health endpoint (#687)
mikewheeleer Jun 29, 2026
c6cc568
feat: add SSE endpoint GET /api/indexer/status for live indexer statu…
mikewheeleer Jun 29, 2026
910b1e8
feat: add POST /api/streams/dryrun preflight validation endpoint (#689)
mikewheeleer Jun 29, 2026
d1cabf2
feat: add GET /api/orgs/[orgId]/audit endpoint (#690)
mikewheeleer Jun 29, 2026
e75b207
Merge PR #821
greatest0fallt1me Jun 29, 2026
c5c4d34
Merge PR #822
greatest0fallt1me Jun 29, 2026
ed9d5ff
Merge PR #823
greatest0fallt1me Jun 29, 2026
9a866e9
Merge PR #824
greatest0fallt1me Jun 29, 2026
be55f2e
Merge PR #825
greatest0fallt1me Jun 29, 2026
79e0853
Merge PR #826
greatest0fallt1me Jun 29, 2026
4bf7869
Merge PR #827
greatest0fallt1me Jun 29, 2026
75033fe
Merge PR #828
greatest0fallt1me Jun 29, 2026
cf167bf
Merge upstream/main - resolve conflicts keeping local versions
Windowlight Jun 30, 2026
b6ee65f
feat: per-user accessibility controls (reduce-motion, parallax, autop…
Windowlight Jun 30, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
18 changes: 18 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
root = true

[*]
charset = utf-8
end_of_line = lf
indent_style = space
indent_size = 2
insert_final_newline = true
trim_trailing_whitespace = true

[*.md]
trim_trailing_whitespace = false

[Makefile]
indent_style = tab

[*.{rs,toml}]
indent_size = 4
188 changes: 188 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,188 @@
# =============================================================================
# StreamPay Frontend Environment Configuration
# =============================================================================
#
# SECURITY NOTES:
# - Never commit real credentials to version control
# - Use different secrets for testnet and mainnet
# - CI must use testnet only (enforced by GitHub Actions)
# - JWT_SECRET must be at least 32 characters in production
# - STELLAR_NETWORK is required - no silent fallback to mainnet
#
# =============================================================================
# REQUIRED VARIABLES
# =============================================================================

# Stellar Network Configuration
# Options: testnet, mainnet
# Required: Yes
# Purpose: Selects which Stellar network to use
# Security: CI will fail if set to 'mainnet'
STELLAR_NETWORK=testnet

# JWT Secret for Authentication
# Required: Yes
# Purpose: Signs and verifies JWT tokens for wallet authentication
# Security: Must be at least 32 characters. Do not use default in production.
# Example: Use a secure random string generator
JWT_SECRET=your-super-secret-jwt-key-min-32-chars-change-this

# Allowed browser origins for public API requests
# Required: Yes
# Purpose: Controls CORS access for frontend API calls
# Example: http://localhost:3000
ALLOWED_ORIGINS=http://localhost:3000

# Node Environment
# Required: No (defaults to development)
# Options: development, production, test
# Purpose: Controls application behavior and optimizations
NODE_ENV=development

# =============================================================================
# OPTIONAL VARIABLES
# =============================================================================

# Service Name
# Required: No (defaults to streampay-frontend)
# Purpose: Identifies service in logs and monitoring
SERVICE_NAME=streampay-frontend

# Internal Auth Token
# Required: No
# Purpose: Token for service-to-service authentication
# Security: Only set for internal service communication
INTERNAL_AUTH_TOKEN=

# Anomaly Detection Thresholds
# Required: No (defaults to 50 and 20)
# Purpose: Configures fraud detection limits
ANOMALY_CREATION_THRESHOLD=50
ANOMALY_SETTLE_THRESHOLD=20

# Request Body Size Cap for /api/v2/streams* (POST, PUT, PATCH)
# Required: No (defaults to 262144 = 256 KB)
# Purpose: Middleware rejects requests whose Content-Length exceeds this value
# with a 413 status and a machine-readable error envelope.
# Only write methods on /api/v2/streams* are subject to this cap;
# GET/HEAD/OPTIONS/DELETE and all other paths are unaffected.
# Example: 131072 for a 128 KB cap, 524288 for a 512 KB cap
MAX_STREAM_BODY_BYTES=262144

# Request Body Size Cap for /api/webhooks* (POST, PUT, PATCH)
# Required: No (defaults to 1048576 = 1 MB)
# Purpose: Middleware rejects webhook requests whose Content-Length exceeds this
# value with a 413 status and a machine-readable error envelope.
# Only write methods on /api/webhooks and /api/webhooks/* are subject
# to this cap; all other paths are unaffected.
# Example: 2097152 for a 2 MB cap
MAX_WEBHOOK_BODY_BYTES=1048576

# =============================================================================
# NETWORK PROFILES
# =============================================================================
#
# TESTNET PROFILE:
# - Horizon URL: https://horizon-testnet.stellar.org
# - Passphrase: Test SDF Network ; September 2015
# - Friendbot: Available for funding
# - Explorer: https://stellar.expert/testnet
# - Asset Label: TESTNET (for UI safety)
#
# MAINNET PROFILE:
# - Horizon URL: https://horizon.stellar.org
# - Passphrase: Public Global Stellar Network ; September 2015
# - Friendbot: Not available
# - Explorer: https://stellar.expert
# - Asset Label: (empty)
#
# =============================================================================
# ENVIRONMENT MATRIX
# =============================================================================
#
# Variable | Testnet | Mainnet | CI | Required
# ---------------------|---------|---------|----|----------
# STELLAR_NETWORK | testnet | mainnet | testnet only | Yes
# JWT_SECRET | dev key | prod key | dev key | Yes
# SERVICE_NAME | optional| optional| optional | No
# INTERNAL_AUTH_TOKEN | optional| optional| optional | No
# ANOMALY_*_THRESHOLD | optional| optional| optional | No
#
# =============================================================================
# SETUP INSTRUCTIONS
# =============================================================================
#
# 1. Copy this file to .env.local:
# cp .env.example .env.local
#
# 2. For local development (testnet):
# - Set STELLAR_NETWORK=testnet
# - Set JWT_SECRET to a random string (can be short for dev)
# - Start with: npm run dev
#
# 3. For production deployment (mainnet):
# - Set STELLAR_NETWORK=mainnet
# - Set JWT_SECRET to a secure 32+ character random string
# - Set NODE_ENV=production
# - Deploy via your hosting platform
#
# 4. For CI/CD:
# - CI automatically enforces testnet-only
# - Set secrets in GitHub Actions or your CI platform
# - Never use production secrets in CI
#
# =============================================================================
# KMS AND SIGNING STRATEGY
# =============================================================================
#
# StreamPay never holds raw secret keys in process memory at rest. The
# KMS abstraction lets us swap between a real cloud KMS in production
# and a deterministic mock in development / CI.
#
# Provider options:
# - 'aws-kms' : Production. KMS_KEY_ID and KMS_REGION required.
# Signing latency: ~50-150ms per request.
# Keys never leave AWS; we hold only references.
# - 'local-mock' : Development / CI only. Uses STELLAR_MOCK_SECRET.
# Latency: synchronous, in-process. Never set this
# in production — the app will fail-fast at boot.
KMS_PROVIDER=local-mock

# AWS KMS Configuration (required if provider is 'aws-kms')
KMS_KEY_ID=
KMS_REGION=us-east-1

# Local Mock Configuration
# SECURITY: Never use these in production
STELLAR_MOCK_SECRET=S_MOCK_SECRET_KEY_56_CHARS_LONG_AAAAAAAAAAAAAAAAAAAAAAA

# =============================================================================
# SECURITY CHECKLIST
# =============================================================================
#
# Before deploying to production:
# [ ] STELLAR_NETWORK is set to 'mainnet' (if deploying to mainnet)
# [ ] JWT_SECRET is at least 32 characters
# [ ] JWT_SECRET is NOT the default value
# [ ] NODE_ENV is set to 'production'
# [ ] No testnet secrets are used with mainnet configuration
# [ ] Horizon URL matches the selected network
# [ ] Internal auth tokens are set if using service mesh
# [ ] Anomaly thresholds are appropriate for your traffic
#
# =============================================================================
# TROUBLESHOOTING
# =============================================================================
#
# Error: "STELLAR_NETWORK environment variable is required"
# Fix: Set STELLAR_NETWORK=testnet or STELLAR_NETWORK=mainnet in .env.local
#
# Error: "JWT_SECRET must be at least 32 characters"
# Fix: Generate a longer secret using: openssl rand -base64 32
#
# Error: "CI environment detected with mainnet network configuration"
# Fix: CI is restricted to testnet. Use testnet in CI or deploy manually.
#
# Error: "Production environment cannot use default JWT_SECRET"
# Fix: Set a custom JWT_SECRET when NODE_ENV=production
#
42 changes: 42 additions & 0 deletions .env.testnet.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# .env.testnet.example
# Copy this file to .env.testnet and fill in your values.
# NEVER commit .env.testnet to version control.

# ── Stellar Network ─────────────────────────────────────────────────────────────
# Network identifier: testnet | futurenet | pubnet (use testnet for development)
STELLAR_NETWORK=testnet

# Horizon API endpoint (testnet)
STELLAR_HORIZON_URL=https://horizon-testnet.stellar.org

# Friendbot URL for funding testnet accounts
STELLAR_FRIENDBOT_URL=https://friendbot.stellar.org

# ── Testnet Accounts ────────────────────────────────────────────────────────────
# Generated by scripts/stellar-dev.sh — DO NOT commit these keys
# Replace with your own testnet keys after running the script
STELLAR_SEED_SECRET_KEY=
STELLAR_SEED_PUBLIC_KEY=

# ── Frontend Config ─────────────────────────────────────────────────────────────
# Backend API URL (required for frontend to work)
NEXT_PUBLIC_API_URL=http://localhost:4000

# Comma-separated browser origin allowlist for public API CORS
ALLOWED_ORIGINS=http://localhost:3000

# Optional: Stellar asset code for streams (default: XLM)
NEXT_PUBLIC_STELLAR_ASSET_CODE=XLM

# Optional: Stellar asset issuer (leave empty for native XLM)
NEXT_PUBLIC_STELLAR_ASSET_ISSUER=

# ── Development ─────────────────────────────────────────────────────────────────
# Node environment (never set to production for testnet)
NODE_ENV=development

# Number of test accounts to create (default: 2)
ACCOUNTS_TO_CREATE=2

# Path to seed script (default: scripts/seed-streams.js)
SEED_SCRIPT=scripts/seed-streams.js
10 changes: 10 additions & 0 deletions .eslintrc.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"extends": ["next/core-web-vitals", "next/typescript"],
"ignorePatterns": [
".next/",
"node_modules/",
"eslint.config.mjs",
"jest.config.js",
"next-env.d.ts"
]
}
102 changes: 102 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
## Security Changes

### Type of Security Change
- [ ] SAST rule update
- [ ] Dependency vulnerability fix
- [ ] Exemption addition/renewal
- [ ] Security workflow modification
- [ ] Container image update
- [ ] Other: _______________

### Vulnerability Details (if applicable)

**CVE/Advisory ID:**
- CVE-ID:
- GHSA-ID:

**Affected Package:**
- Name:
- Version:
- Severity: [ ] Critical [ ] High [ ] Medium [ ] Low

**Fix Applied:**
- [ ] Package version bump
- [ ] Code change to mitigate
- [ ] Configuration update
- [ ] Exemption granted (see below)

### Exemption Request (if applicable)

**Exemption ID:** EXEMPT-___

**Justification:**
<!-- Detailed reason why this vulnerability can be temporarily exempted -->

**Mitigation Applied:**
<!-- What compensating controls or workarounds are in place -->

**Expiry Date:** YYYY-MM-DD (max 90 days from now)

**Review Plan:**
<!-- How and when this will be re-evaluated -->

### Testing

- [ ] Ran `npm audit` locally - output attached or no new vulnerabilities
- [ ] Security workflow passes on this branch
- [ ] Test suite passes: `npm test`
- [ ] Build succeeds: `npm run build`

### Security Impact Analysis

**Affected Components:**
- [ ] Authentication/Authorization
- [ ] Payment processing
- [ ] Data encryption
- [ ] API endpoints
- [ ] Dependencies
- [ ] Container images
- [ ] CI/CD pipeline
- [ ] Other: _______________

**Risk Assessment:**
<!-- Describe any potential security risks introduced or mitigated by this change -->

### Documentation Updates

- [ ] Updated README.md (if workflow changed)
- [ ] Updated SECURITY-CI-SETUP.md (if process changed)
- [ ] Updated security-exemptions.json (if applicable)
- [ ] Added security notes to code comments

### Checklist

- [ ] No secrets or keys committed
- [ ] No PII or sensitive data in logs
- [ ] All security scans pass (or exemptions documented)
- [ ] Branch protection requirements met
- [ ] Code review from security team (for critical changes)

### Additional Notes

<!-- Any additional context, links to advisories, or relevant discussions -->

### Test Output

```
# Paste npm test output here
npm test

# Paste npm audit output here (if relevant)
npm audit
```

### CI Run Link

<!-- Link to passing GitHub Actions run -->
Workflow Run:

---

**Security Review Required:** @security-team
**Compliance Impact:** [Yes/No - explain if yes]
Loading